<%@ page language="java" contentType="text/html; charset=US-ASCII"
	pageEncoding="US-ASCII"%>
<%@ page import="java.sql.*"%>
<%@ page import="ca.radiologydb.util.Template"%>
<%@ page import="ca.radiologydb.util.ConnectionManager" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=US-ASCII">
<title>Profile Management</title>
</head>
<body>
	<%
		// @author Nicholas Liu

		// Get the real path of the servlet, so that we can get the template.
		Template template = new Template(this.getServletContext()
				.getRealPath("/").toString());
		out.println(template.getTemplateTop());

		// if not logged in, don't show anything.
		if (session.getAttribute("username") == null
				|| session.getAttribute("usertype") == null) {
			out.println("Not logged in/Don't have permission to access this resource.<br>");
			out.println("<a href='login.jsp'>Login</a>");
		}
		//establish the connection to the underlying database
		else {
			out.println("<h3>Profile Management.</h3>");
			ConnectionManager manager = new ConnectionManager();
			Connection conn = manager.getConnection();

			Statement stmt = null;
			ResultSet rset = null;

			if (request.getParameter("bSubmit") != null) {
				String user_name = (String) session
						.getAttribute("username");
				// create sql query to update persons.
				String sql = "UPDATE persons ";
				sql += "SET address='"
						+ request.getParameter("ADDRESS").trim() + "', ";
				sql += "first_name='"
						+ request.getParameter("FNAME").trim() + "', ";
				sql += "last_name='" + request.getParameter("LNAME").trim()
						+ "', ";
				sql += "email='" + request.getParameter("EMAIL").trim()
						+ "', ";
				sql += "phone='" + request.getParameter("PHONE").trim()
						+ "' ";
				sql += "WHERE user_name='" + user_name + "'";

				//out.println(sql);

				try {
					stmt = conn.createStatement();
					stmt.executeUpdate(sql);
				} catch (Exception ex) {
					out.println("<hr>" + ex.getMessage() + "<hr>");
				}

				stmt.close();

				// since the original user password isn't inputted, we just check if it's nonempty now.
				if (!request.getParameter("PASSWD").trim().isEmpty()) {
					sql = "UPDATE users ";
					sql += "SET password='"
							+ request.getParameter("PASSWD").trim() + "' ";
					sql += "WHERE user_name='" + user_name + "'";
				}

				try {
					stmt = conn.createStatement();
					stmt.executeUpdate(sql);
				} catch (Exception ex) {
					out.print("<hr>" + ex.getMessage() + "<hr>");
				}
				stmt.executeUpdate("commit");

				stmt.close();

				// basically a doublecheck that the user information has been updated by filling
				// in data from server - if it's changed, then it's good.
				sql = "select * from persons where user_name = '"
						+ user_name + "'";
				//out.println(sql);
				try {
					stmt = conn.createStatement();
					rset = stmt.executeQuery(sql);
				} catch (Exception ex) {
					out.println("<hr>" + ex.getMessage() + "<hr>");
				}

				String vars[] = new String[6];

				while (rset != null && rset.next()) {
					vars[0] = (rset.getString("user_name"));
					vars[1] = (rset.getString("first_name"));
					vars[2] = (rset.getString("last_name"));
					vars[3] = (rset.getString("address"));
					vars[4] = (rset.getString("email"));
					vars[5] = (rset.getString("phone"));
				}

				rset.close();

				out.println("<p>Changes were saved to database.</p>");

				// print out the profile change form.
				out.println("<form method=post action=profile.jsp><table id=form_table>");
				out.println("<tr><th>UserName:</th><td> <input type=text name=USERID value=\""
						+ vars[0]
						+ "\" readonly=\"readonly\" maxlength=24></td></tr>");
				out.println("<tr><th>Password:</th><td> <input type=password name=PASSWD maxlength=24></td></tr>");
				out.println("<tr><th>First Name:</th><td> <input type=text name=FNAME value=\""
						+ vars[1] + "\" maxlength=24></td></tr>");
				out.println("<tr><th>Last Name:</th><td> <input type=text name=LNAME value=\""
						+ vars[2] + "\" maxlength=24></td></tr>");
				out.println("<tr><th>Address:</th><td> <input type=text name=ADDRESS value=\""
						+ vars[3] + "\" maxlength=128></td></tr>");
				out.println("<tr><th>Email:</th><td> <input type=text name=EMAIL value=\""
						+ vars[4] + "\" maxlength=128></td></tr>");
				out.println("<tr><th>Phone:</th><td> <input type=text name=PHONE value=\""
						+ vars[5] + "\" maxlength=10></td></tr>");
				out.println("<tr><td align=right colspan=2><input type=submit name=bSubmit value=Submit></td></tr>");
				out.println("</table></form>");
				
				manager.closeConnection();
			} else {
				String user_name = (String) session
						.getAttribute("username");
				String sql = "select * from persons where user_name = '"
						+ user_name + "'";

				try {
					stmt = conn.createStatement();
					rset = stmt.executeQuery(sql);
				} catch (Exception ex) {
					out.println("<hr>" + ex.getMessage() + "<hr>");
				}

				String vars[] = new String[6];

				while (rset != null && rset.next()) {
					vars[0] = (rset.getString("user_name"));
					vars[1] = (rset.getString("first_name"));
					vars[2] = (rset.getString("last_name"));
					vars[3] = (rset.getString("address"));
					vars[4] = (rset.getString("email"));
					vars[5] = (rset.getString("phone"));
				}

				rset.close();

				//out.println(vars[3]+"<br>");

				out.println("<form method=post action=profile.jsp><table id=form_table>");
				out.println("<tr><th>UserName:</th><td> <input type=text name=USERID value=\""
						+ vars[0]
						+ "\" readonly=\"readonly\" maxlength=24></td></tr>");
				out.println("<tr><th>Password:</th><td> <input type=password name=PASSWD maxlength=24></td></tr>");
				out.println("<tr><th>First Name:</th><td> <input type=text name=FNAME value=\""
						+ vars[1] + "\" maxlength=24></td></tr>");
				out.println("<tr><th>Last Name:</th><td> <input type=text name=LNAME value=\""
						+ vars[2] + "\" maxlength=24></td></tr>");
				out.println("<tr><th>Address:</th><td> <input type=text name=ADDRESS value=\""
						+ vars[3] + "\" maxlength=128></td></tr>");
				out.println("<tr><th>Email:</th><td> <input type=text name=EMAIL value=\""
						+ vars[4] + "\" maxlength=128></td></tr>");
				out.println("<tr><th>Phone:</th><td> <input type=text name=PHONE value=\""
						+ vars[5] + "\" maxlength=10></td></tr>");
				out.println("<tr><td align=right colspan=2><input type=submit name=bSubmit value=Submit></td></tr>");
				out.println("</table></form>");
			}

			conn.close();
			manager.closeConnection();
		}
	%>
</body>
</html>